id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
2249,"MD5 is broken sometimes, an option to use SHA would be appreciated.",pol@…,nobody,"Machine Info:
Debian Linux 2.4.26-1-386
mod_python 3.1
Apache2
Python 2.3
Description:
Apparently my version of mod_python is not generating md5 strings well. As a result, the session was throwing a ""Suspicious Operation"" exception when checking for cookie tampering. I am not the first person that this has happened to.
The follwing fixed the problem:
Modify contrib/sessions/models.py and contrib/admin/views/decorators.py
- Import sha and change *md5* to *sha*
- Change encoded_data[:-32], encoded_data[-32:] to encoded_data[:-40], encoded_data[-40:]
Suggestion:
Add a SESSION_KEY_TYPE var to settings.py that allows the user to specify md5 or sha session keys.
",enhancement,closed,Contrib apps,,normal,invalid,modpython md5 session,nikl@…,Design decision needed,0,0,0,0,,